Features | From Pivot Magazine

Can auditors close the great expectation gap for good?

Five audit experts take on the profession’s existential problem

A Facebook IconFacebook A Twitter IconTwitter A Linkedin IconLinkedin An Email IconEmail

Group of people standing and talking with blue backdrop From left to right: Doug King, FCPA; Kerry Gerber, FCPA; Karyn Brooks, FCPA; Eric Turner, CPA, CA; Chris Clark, FCPA (Photos by Luis Mora)

The expectation gap is a huge and thorny issue in the audit profession—so much so that even the definition is up for debate. Broadly speaking, it’s the difference between what the profession thinks an audit is—and does—and what everyone else thinks. But those gaps in perception can be different for every player—management, the audit committee, regulators, the investment community. It’s a time of great change in audit: standards are evolving, Audit Quality Indicators have been introduced to help both auditors and clients, and a new, expanded audit report is now in place. Pivot convened a panel of experts at Leña restaurant in Toronto to discuss the central issue—the expectation gap, and what can be done to close it. Editor Mark Stevenson moderated.

THE PANEL

Doug King, FCPA
National Data and Analytics Leader, Audit at KPMG Canada

Kerry Gerber, FCPA
Corporate Director and former Chief Auditor and Assurance Quality and Methodology Leader, PwC Canada

Karyn Brooks, FCPA
Corporate Director and audit committee member; Former Senior Vice-President and Controller, BCE and Bell

Eric Turner, CPA, CA
Director, Auditing and Assurance Standards, Chartered Professional Accountants of Canada

Chris Clark, FCPA
Former CEO, PwC Canada and current director and chair of the audit committees of Loblaw Companies Limited and Air Canada

THE DISCUSSION

Mark Stevenson: Let’s start by defining the issue. What exactly is the “gap” in the expectation gap?

Kerry Gerber: I think there are many elements to it. I would focus on the public’s perspective of an audit, and that it may not match up with what an audit actually is. There are different gaps. Does the shareholder community understand what the audit standards say? When there is a corporate failure of some kind, or something goes awry, then there’s a lot of questioning by government and by the wider public: “Where were the auditors? What were they doing? Why did we have this outcome?”

Chris Clark: Apart from the expectation gap from the general public, there’s the expectation gap from the user community—the investor community—around what they’re able to obtain out of audited financial statements and the usefulness of those statements.       

Karyn Brooks: I would argue that the expectation gap is really the fault of people not reading the auditor’s report. The report is pretty clear about what auditors do and don’t do. Then it comes down to the analyst’s expectation—they just want the auditors to audit a whole bunch of stuff that they don’t now.

Eric Turner: But there is real confusion or, at least, misunderstanding. When CPA Canada had a roundtable with some investors last year—and a number of them were, in fact, CPAs—it became clear that they did not fully understand what the auditor’s involvement had been. They saw the financial statements and the auditor’s report, but they also looked at the other information that went along with that, including the MD&A [Management Discussion and Analysis] and KPIs [Key Performance Indicators]. They had no idea what the auditor’s involvement had been with that information. Some thought, “Well, it’s probably been audited because there’s an audit report in the package.” 

Doug King: One problem is the communication vehicle we have. Although we have an audit report, it’s generic. It’s the same every time and it’s not really looked at. Many people ignore it. Others think, “I don’t care if this information is audited. I don’t even care about the information, because I develop my own information.” Management already develops all these performance indicators. So it only prompts the question—what did the auditor do? 

Mark Stevenson: Where, then, do you think the gap is widest and most problematic? Is it with the general public and the profession? With the investor community and the profession?

Chris Clark: It’s with the general public because they think of the auditors as some kind of insurance policy against a corporate failure. And unfortunately, that leads into the whole question of relevance from the audit profession’s perspective. Many people now think auditors are not relevant because they’re not providing that kind of guarantee. 

Eric Turner: Investors are looking at, and relying on, information beyond the audited financial statements. They may have some feeling that there’s been auditor involvement with it. So if there’s some sort of disaster, it leads to a real public concern about the role of auditors: “We thought you guys were involved in this reporting. How could you not be involved?”

Chris Clark: Eric, I would argue that the information the investors are relying on is all audited information. The problem is the lack of consistency and comparability of the information as opposed to whether or not the fundamental information underlying those non-GAAP measures or KPIs is audited.

Eric Turner: That might be true on the financial information, but there is a lot of operational information that comes from systems and processes. These are not used to generate the financial statements. 

Karyn Brooks: And those are the numbers that the analyst community, in particular, would like to see audited. If I put my preparer hat on, I think that’s a bad idea.

Mark Stevenson: How so? 

Karyn Brooks: I wouldn’t want the auditors auditing KPIs. They’re measures that management uses to run the business and they disclose them so they can better explain the results. I don’t know how you would audit them. We could go down a very deep hole here.

Doug King: You’re right, Karyn, and even then an expectation gap exists. People think the MD&A is audited. Let’s be honest, MD&A is management’s story with numbers that are audited. And that just extends the expectation to an area that we’re not even really involved with to a great extent. 

Kerry Gerber: I was just reading some reporting that suggested investors are not only interested in assurance around the numbers, but also around the narrative that management puts forward. So to your point, how would an audit team broker that with management? Second, who’s going to pay for that? Every time you ask the auditor to do something, I expect the auditor would appreciate some dollars to do it. Then there’s the debate of the cost/benefit. What problem are we actually trying to solve by providing the additional assurance? If you take a step back, you may ask, is the audit going far enough? Is it covering enough of the information? Yes, auditors could do more, but we have two barriers. One is cost and the second is that the standards aren’t there to really go beyond the safe harbour auditors have within existing GAAS [Generally Accepted Auditing Standards].

Karyn Brooks: And I would argue that the third barrier is management. I don’t think management has any difficulty with the auditors auditing the financial statements where there are rules—there are principles around how those are prepared. But if the auditors go beyond the financial statements and into the MD&A, then management will not be able to tell their story. Also, I don’t know how you calculate KPIs without industry standards, whether it be cost per ounce or same-store sales—I mean, pick your KPI. They have to be developed for every single industry and there’s no body to do that. As I say, it’s a deep, dark hole.

Chris Clark: There’s a fourth barrier, and that’s the litigation environment out there, and the liability that the auditors are going to attract.

Doug King: But I think we need to go there, because auditors need to extend the usefulness of an audit. We have to be bold enough to say we need to look at what business we’re in. It’s not just doing audit. It’s information verification. As a profession, that’s the business we should look at ourselves being in. 

Mark Stevenson: That ties into the issue of how much should be disclosed. Would more disclosure around what the auditor has done help with the expectation gap?

Chris Clark: As Karyn says, if nobody is reading the auditor’s report anyway, will more disclosure really close that expectation gap? I’m not sure that it will.

Kerry Gerber: Auditors are using an expanded report in the U.K. and elsewhere, and it has not necessarily closed the expectation gap. The profession still seems to be grappling with the core expectation issues. Yes, there’s more transparency, but a host of things still go unreported. Investors are increasingly interested in disclosure around the discussions that the auditor has with management. But how will you ever have a meaningful, trusting conversation with your client and the management team if it’s going to be reported in your audit opinion? There’s still room to have a dialogue around these issues, but it has to be everybody working together in concert because we still have a public function to fulfill. If we’re afraid to go into uncharted waters, then we may, in fact, lose our ability to continue. One constituency I was interested in hearing from was the board of directors. What is their expectation of the audit? We’ve spent a lot of time trying to educate directors about that. Now I think that expectation gap is starting to close. 

Chris Clark: I would say there are a number of people on boards of directors and audit committees who don’t have a clear understanding of an audit. Audit committees today are not entirely made up of CPAs. They consist of a variety of people from different industries, bringing different backgrounds, skills and expertise—all of which you want on an audit committee. And committee mandates continue to expand—much of an audit committee’s meetings are spent dealing with issues of Enterprise Risk Management, in many instances. It’s up to the chair of the audit committee to make sure that their own committee truly understands what is taking place with an audit.

Karyn Brooks: That’s interesting because it doesn’t reflect my audit committee experience—in my experience, a lot of time is devoted to the financials. The audit committee, by and large, understands the auditor’s role. But I totally agree that I’m not sure the broader board of directors has any idea what the auditors do. 

Mark Stevenson: On the question of technology, there is a lot of thinking around how artificial intelligence is changing the nature of audit. Is technology changing the expectation gap or not, or just not yet?

Doug King: Absolutely, technology is the way of the future in an audit, but it’s not well understood what it could do in terms of helping in this regard. Management may be asking, “Why aren’t you using technology in the audit?” In my view, that’s really about management believing that if you use technology, the price of an audit should come down. It’s not really about the quality of audit.

Kerry Gerber: The gap could be widening because of the speed at which information goes to the public. The public receives more and more information about a company all the time, and it isn’t getting any kind of assurance attached to that information. Yet the public has an expectation about the auditor’s involvement with that information. 

Karyn Brooks: But technology could narrow the gap. When I started my career, we tested 24 items for the whole year, substantively. With technology, an audit can look at 100 per cent of the transactions and search for anomalies. That’s a huge difference.

Chris Clark: The profession and the Big Four need to get out front on this and show how audit is changing with technology. As a chair of audit committees, I ask each of the auditors I work with about how they’re using technology to be more effective and efficient—not because I want to reduce the audit fee, but because I want to enhance the quality. I also want auditors to take those hours that were being invested in vouching various transactions—work that technology will now do—to focus on more value-added work that will help reduce risk and provide the audit committee with better information.

Kerry Gerber: If technology can reduce some of the more mundane audit processes that have to be done and focus on those areas of risk and key judgments that management is making, it’s a better place to be as a profession. The thinking part of being an auditor is important to our future. Our young people entering the profession want challenging things to do.

 Group of people siting around table talking

Mark Stevenson: Let’s talk about regulators. To what degree are they responsible for the expectation gap?

Doug King: Regulators need to come to the table and work with the auditors. If all parties don’t have open dialogue, we’re not going to make advances. 

Kerry Gerber: The securities regulators have a role. In my observation, they’re more interested in capital formation—allowing markets to be created—than they are in necessarily trying to fix the age-old problem of an expectation gap. 

Karyn Brooks: Part of the problem of solving the expectation gap is that there are too many players in the game who all have different agendas.

Kerry Gerber: And none can act unilaterally.

Chris Clark: I think the Audit Quality Indicator program does help. All of us within the financial community—the securities regulator, the Canadian Public Accountability Board (CPAB), the preparers, the auditors, and the audit committee—we all have a role to play to help drive audit quality. Having higher audit quality will help reduce the expectation gap. The challenge is getting everybody working together and moving in the same direction. 

Kerry Gerber: But if there is some catastrophe—if there is a big failure and the governments get involved, they are not going to be saying “Let’s bring everybody together.” They are going to be in there writing legislation and that’s not going to be, you know, helpful. 

“The new longer-form audit report is helpful because it better explains the audit process and what auditors do.”

Mark Stevenson: What have you seen in the last few years that has helped with the expectation gap? 

Eric Turner: One of the big developments was when CPAB began publishing reports around audit quality. That’s provided a lot more transparency around the issues, what firms are doing about them and the improvements that have been made over time.

Karyn Brooks: The new longer-form audit report is helpful because it better explains the audit process and what auditors do. And I think it will be even better for users, perhaps not for management, when the key audit matters are added. But again, people have to read it.

Chris Clark: There are two schools of thought on this new expanded audit report as to whether it’s actually going to make any real difference, or whether it will merely become boilerplate—because the audit profession is so concerned about the liability that might exist, and management will be very concerned about what the audit actually says. The question becomes: Will the new expanded report truly provide any greater value to the readers of financial statements than what exists today? 

Kerry Gerber: I would suggest the expanded report is a better fit in terms of the three legs of the stool—it will allow the board, management and the auditor to talk about the same issues. Management will say: “Okay, auditor, give me your draft report because I need to understand what it is you’re saying about this particular issue that we just spent the last three weeks sweating through.”

Chris Clark: Also helpful to audit quality are the new independence rules that were put in place over the past number of years, and non-audit service policies that are in place in various companies. They clearly define the work auditors can do and can’t do in addition to their audit services. One of the parties we haven’t talked about are these proxy advisory services firms, which play into this whole space in the sense of recommending whether certain directors should be re-elected or whether auditors should be reappointed. These firms can be helpful at times. At times they don’t truly understand exactly what’s happening. But they play an important role in this whole area today, and if you don’t listen to what they have to say, it’s at your peril. 

Karyn Brooks: And they truly do influence the decisions that boards make.

Kerry Gerber: Boards and management are having to deal with a broader spectrum of stakeholders. You have the environment and social responsibility groups. There’s the Canadian Coalition for Good Governance—they represent institutional investors. You have the hedge funds and the large organizations—for instance, the Ontario Teachers Pension Plan. These stakeholders have increased expectations around what information they’re getting. This probably doesn’t help the expectation gap, but there is an opportunity for the accounting profession to step into this area and help companies work with their broad constituency. What additional assurance can the audit firms provide with respect to the information that’s being given to that constituency? On the other hand, will that not also bring a hotter spotlight to what the auditor should or shouldn’t be doing? And at some point, the auditors may either feel constrained or shy away from some of these challenges. 

Man sitting at table talking with another man

Doug King: I come back to information verification. As a profession, we’re doing a disservice to ourselves by not being out there touting the other things we could do for third parties. Going to the audit committee with some of the things we could do there, even as far-reaching as auditing to the mandate the board has, and if there is a framework there we can provide assurance on that. Talk about the broad scope that I think is available to us today even under the existing standards. I think we are at our own peril if we don’t broaden the service offerings, get out in front of it. 

Kerry Gerber: And to come back to disruption, what if Google, with its huge market cap and its huge war chest, decides to step into our role and start validating data and issuing a report? It will disrupt our industry because it holds all the data. Another disrupter will be blockchain, and its ability to validate data as the transactions occur.

Chris Clark: Which goes back to the question of relevance. Unless the profession figures out a way to deal with the risk of disruption that could take place, I think we are very much are at risk. 

Mark Stevenson: Well, I think everyone worries that we’re all going to be working for Google someday. I wanted to ask about audit failures such as Carillion in the U.K., and if that collapse and the fallout is on people’s minds?  

Eric Turner: A few years ago, people might have said, “Well, that’s the U.K.’s problem and they’ll fix it.” But now the firms are so global. The regulators are talking globally. So everyone is talking about it. It just can’t be ignored even though it didn’t happen here. 

Kerry Gerber: But the solutions aren’t necessarily global in nature. In the Netherlands, for example, audit partners are required to put one-sixth of their earnings aside every year in a pot in case a problem might arise. A regulator in another country might say: “Well, that’s a good idea, let’s just do that here.” That solution may, in fact, not be appropriate or responsive to the issue at hand. For our part, I believe Canada has a very good record of bringing people around the table and sorting out solutions to its particular audit issues, such as what occurred with the recent Enhancing Audit Quality (EAQ) initiative. 

“Every time there’s a failure it leads to draconian rules being implemented that don’t necessarily drive higher value.”

Karyn Brooks: I like to think about audit failures separately from expectation gaps. Audit failures absolutely create more regulation, but audit failures are usually about bad apples, fraud and people who don’t perform to standards. To me, it just doesn’t tie back nicely to the expectation gap—the expectation gap lives in the space where audits are done well, but people still don’t understand what the audit is.

Chris Clark: But they are very much related because if you didn’t have audit failures, I don’t think you would have as wide an expectation gap. If all of us who work in the system have a role to play in reducing audit failures and enhancing audit quality, it does help to close the expectation gap. 

Doug King: Every time there’s a failure, as Kerry says, it leads to draconian rules being implemented that don’t necessarily drive higher value. It just implements a set of rules-based things that need to be done that may be focused on that particular problem. 

Karyn Brooks: And they start to generate a bit of a tick-the-box mentality within the firms, which can in and of itself reduce audit quality—just because there’s so much compliance you have to do before you can sign a report. 

Doug King: I know we talked about technology, but as I look forward, if we can get the tools to do a better job of risk assessment—which today is all on the judgment of the auditor and the knowledge they bring—if we can enhance that, we can focus more on risk and hopefully reduce these problems before they occur. 

Chris Clark: And again, there’s a broader role within the context of Enterprise Risk Management of an organization. If there was a broader role there, so everyone understands what the risks are to the organization, I think that could make a big difference.

Doug King: That would be huge. You’d be in much better sync with management and the audit committee and if there were problems it would be, “Well, we are all on the same page, right? It wasn’t the auditor standing over there. We all came at this the same way.” 

Mark Stevenson: What effect have recent court decisions—such as the Livent case—had on the expectation gap, and questions around the role of auditors?

Kerry Gerber: Livent was a complex case. My guess is it muddied, rather than cleared, the waters on the expectation gap. If we believe auditors need to move forward in providing assurance on information that’s useful to decision makers, then legal liability questions are part of doing that.

Eric Turner: There’s a common practice by auditors in the U.K. to include additional language in their auditor’s reports explaining who their report is intended for, and the limitations in the responsibilities they’re assuming to other parties. This isn’t done in Canada today, but it may be worth considering whether such clarifications are appropriate in light of Livent.

Mark Stevenson: Whose job is it to explain the role of an audit? Is it the firms’ job, or the firms in conjunction with the profession? And how can that communication proactively reinforce that the vast majority of the audits in this country are done really well? 

Doug King: It’s the profession as a whole. It’s CPA Canada and the standard-setting groups.

Eric Turner: I think it’s even broader. I think you must have the director community, investors and the financial executives groups involved, rather than blowing our own trumpet as a profession all the time.

Karyn Brooks: I’m inclined to disagree with you slightly on self-interest. I totally get it. It’s hard for the profession to stand up and say, “We really are good at what we do.” But a good advertising agency could figure out how to make that story work somehow, because the number of audit failures is so small relative to the hundreds of thousands of good audits. What’s more, I think management has seen the increase in the diligence, the questioning and the skepticism—all those things that are important to a high-quality audit.

Mark Stevenson: That’s a hopeful note to end on. Thanks very much everyone.

Could high-tech tools make the expectation gap wider?


Ken Charbonneau, FCPA, knows a thing or two about technological disruption. The new chair of the Auditing and Assurance Standards Board (AASB) worked nearly his whole career at KPMG, but he spent an edifying few years as the CFO of a Canadian-based multinational software company called G&A Imaging. It developed commercial and retail software to help people manage images on their desktops. “Those were the Internet bubble days,” he recalls. “It gave me some insight into the impact of rapid technological change. It’s the same thing we are seeing in business processes now. When I think of the role of audit, I see a real challenge there.”

There’s no question new technologies—advanced data analytics, artificial intelligence, machine learning and more—are changing the audit profession. Charbonneau sees them as having a huge impact as well on the expectation gap—mostly in making it bigger.

Much of the talk around technology has been about tools meant to make audits more efficient—analytics that allow auditors to look at every transaction a company makes instead of just a sample, AI that searches for anomalies in financial statements and even ferrets out fraud. It’s not just auditors talking about these possibilities, says Charbonneau, but software vendors touting technological tools that can review 100 per cent of the information at hand: “All that suggests that some people think fraud should never, ever go undetected in the future. To me that sets unrealistic expectations of the profession.” Until everyone fully understands what these tools can and can’t do, there’s a risk that expectations will further outstrip reality.

The biggest problem, says Charbonneau, is one that auditors have no control over—the faster and faster pace at which companies are bringing new technologies into their own business processes: “If auditors can’t respond quickly to the risks that new technologies introduce, then there is a risk that the expectation gap will continue to widen.” Charbonneau points to cryptocurrency as a prime example. About 50 public companies in Canada have crypto­currency assets in their financial statements, or have said they are going to introduce cryptocurrencies into their business operations. “It’s a very specific challenge,” says Charbonneau. Audit clients may not fully understand the risks of cryptocurrency, or may not have put in place sufficient internal audit controls. For that matter, he says, traditional audit approaches may not be appropriate for crypto assets. “There is not much guidance to help auditors assess and respond to that risk.”

Audit teams will need new skills in the future, and will need to call on experts in computer engineering, artificial intelligence, cryptography and the like more often. When it comes to the audit process, they “need to be comfortable that the tools they are using are sound and will provide what they need, whether the tool is tech-based or not. That’s fundamental.” And they need to keep up with the pace of technology adoption by business, or trust in audit could erode and widen the expectation gap further. “The profession needs to step up and participate in all this. Businesses are not going to stop because auditors are not ready.”